Commit 86519d7

Update storage-files-aad-permissions-and-mounting.md
1 parent 36b1726 commit 86519d7

1 file changed

+3
-1
lines changed

includes/storage-files-aad-permissions-and-mounting.md

Lines changed: 3 additions & 1 deletion
@@ -12,7 +12,7 @@
1212

1313
## 2. Assign access permissions to an identity
1414

15-
To access Azure Files resources with identity based authentication, an identity (a user, group, or service principal) must have the necessary permissions at the share level. This process is similar to specifying Windows share permissions, where you specify the type of access that a particular user has to a file share. The general recommendation is to use share level permission for high level access management to a team or group, then leverage NTFS permissions for granular access control on directory/file level. The guidance in this section demonstrates how to assign read, write, or delete permissions for a file share to an identity.
15+
To access Azure Files resources with identity based authentication, an identity (a user, group, or service principal) must have the necessary permissions at the share level. This process is similar to specifying Windows share permissions, where you specify the type of access that a particular user has to a file share. The guidance in this section demonstrates how to assign read, write, or delete permissions for a file share to an identity.
1616

1717
We have introduced three Azure built-in roles for granting share-level permissions to users:
1818

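Review bot: Removing the recommendation from line 15 means the intro to this section no longer tells the reader that share-level permissions are the coarse layer and that directory/file-level control belongs to NTFS permissions. The reader now reaches "We have introduced three Azure built-in roles" at line 17 and picks a role before seeing that guidance, which this commit places after the NOTE further down. Consider keeping a one-sentence version in this paragraph, or placing the reworded sentence directly after it, so the layering is stated before the roles are listed. While this line is being edited, "identity based authentication" should be hyphenated as "identity-based authentication".
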
@@ -28,6 +28,8 @@ You can use the Azure portal, PowerShell, or Azure CLI to assign the built-in ro
2828
> [!NOTE]
2929
> Remember to sync your AD credentials to Azure AD if you plan to use your AD for authentication. Password hash sync from AD to Azure AD is optional. Share level permission will be granted to the Azure AD identity that is synced from AD.
3030
31+
The general recommendation is to use share level permission for high level access management to an AD group representing a group of users and identities, then leverage NTFS permissions for granular access control on directory/file level.
32+
3133
#### Azure portal
3234
To assign an RBAC role to an Azure AD identity, using the [Azure portal](https://portal.azure.com), follow these steps:
3335

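Review bot: The added sentence at line 31 says to assign share-level permissions "to an AD group representing a group of users and identities", but the NOTE immediately above states that the permission is granted to the Azure AD identity that is synced from AD. The new sentence should say that the group itself has to be synced to Azure AD, otherwise a reader can follow the recommendation with a group that the role assignment will not apply to. The phrase "an AD group representing a group of users and identities" is also circular; something like "Use share-level permissions for high-level access management, assigned to an AD group that is synced to Azure AD, then use NTFS permissions for granular access control at the directory/file level" reads more clearly and fixes the hyphenation of "share-level" and "high-level".
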